fix: Migrate auth0 provider to new thirdparty interface

Author: KShivendu

tests/auth-react/django3x/mysite/utils.py

@@ -167,52 +167,9 @@ async def check_for_general_error(
     return is_general_error
 
 
-# Migrate CustomAuth0Provider
-# class CustomAuth0Provider(Provider):
-#     def __init__(self, client_id: str, client_secret: str, domain: str):
-#         super().__init__("auth0", False)
-#         self.domain = domain
-#         self.client_id = client_id
-#         self.client_secret = client_secret
-#         self.authorisation_redirect_url = "https://" + self.domain + "/authorize"
-#         self.access_token_api_url = "https://" + self.domain + "/oauth/token"
-
-#     async def get_profile_info(
-#         self, auth_code_response: Dict[str, Any], user_context: Dict[str, Any]
-#     ) -> UserInfo:
-#         # we do not query auth0 here cause it reaches their rate limit.
-#         return UserInfo("test-user-id-1", UserInfoEmail("[email protected]", True))
-
-#     def get_authorisation_redirect_api_info(
-#         self, user_context: Dict[str, Any]
-#     ) -> AuthorisationRedirectAPI:
-#         params: Dict[str, Any] = {
-#             "scope": "openid profile",
-#             "response_type": "code",
-#             "client_id": self.client_id,
-#         }
-#         return AuthorisationRedirectAPI(self.authorisation_redirect_url, params)
-
-#     def get_access_token_api_info(
-#         self,
-#         redirect_uri: str,
-#         auth_code_from_request: str,
-#         user_context: Dict[str, Any],
-#     ) -> AccessTokenAPI:
-#         params = {
-#             "client_id": self.client_id,
-#             "client_secret": self.client_secret,
-#             "grant_type": "authorization_code",
-#             "code": auth_code_from_request,
-#             "redirect_uri": redirect_uri,
-#         }
-#         return AccessTokenAPI(self.access_token_api_url, params)
-
-#     def get_redirect_uri(self, user_context: Dict[str, Any]) -> Union[None, str]:
-#         return None
-
-#     def get_client_id(self, user_context: Dict[str, Any]) -> str:
-#         return self.client_id
+def auth0_provider_override(provider: Provider) -> Provider:
+    # TODO: Finish when Node SDK is ready
+    return provider
 
 
 providers_list: List[thirdparty.ProviderInput] = [
@@ -260,12 +217,19 @@ async def check_for_general_error(
             ],
         )
     ),
-    # FIXME: Migrate this:
-    # CustomAuth0Provider(
-    #     client_id=os.environ.get("AUTH0_CLIENT_ID"),  # type: ignore
-    #     domain=os.environ.get("AUTH0_DOMAIN"),  # type: ignore
-    #     client_secret=os.environ.get("AUTH0_CLIENT_SECRET"),  # type: ignore
-    # ),
+    thirdparty.ProviderInput(
+        config=thirdparty.ProviderConfig(
+            third_party_id="auth0",
+            clients=[
+                thirdparty.ProviderClientConfig(
+                    client_id=os.environ["AUTH0_CLIENT_ID"],
+                    client_secret=os.environ["AUTH0_CLIENT_SECRET"],
+                    additional_config={"domain": os.environ["AUTH0_DOMAIN"]},
+                )
+            ],
+        ),
+        override=auth0_provider_override,
+    ),
 ]
 
 

tests/auth-react/fastapi-server/app.py

@@ -236,52 +236,9 @@ async def validate_age(value: Any):
 ]
 
 
-# Migrate CustomAuth0Provider
-# class CustomAuth0Provider(Provider):
-#     def __init__(self, client_id: str, client_secret: str, domain: str):
-#         super().__init__("auth0", False)
-#         self.domain = domain
-#         self.client_id = client_id
-#         self.client_secret = client_secret
-#         self.authorisation_redirect_url = "https://" + self.domain + "/authorize"
-#         self.access_token_api_url = "https://" + self.domain + "/oauth/token"
-
-#     async def get_profile_info(
-#         self, auth_code_response: Dict[str, Any], user_context: Dict[str, Any]
-#     ) -> UserInfo:
-#         # we do not query auth0 here cause it reaches their rate limit.
-#         return UserInfo("test-user-id-1", UserInfoEmail("[email protected]", True))
-
-#     def get_authorisation_redirect_api_info(
-#         self, user_context: Dict[str, Any]
-#     ) -> AuthorisationRedirectAPI:
-#         params: Dict[str, Any] = {
-#             "scope": "openid profile",
-#             "response_type": "code",
-#             "client_id": self.client_id,
-#         }
-#         return AuthorisationRedirectAPI(self.authorisation_redirect_url, params)
-
-#     def get_access_token_api_info(
-#         self,
-#         redirect_uri: str,
-#         auth_code_from_request: str,
-#         user_context: Dict[str, Any],
-#     ) -> AccessTokenAPI:
-#         params = {
-#             "client_id": self.client_id,
-#             "client_secret": self.client_secret,
-#             "grant_type": "authorization_code",
-#             "code": auth_code_from_request,
-#             "redirect_uri": redirect_uri,
-#         }
-#         return AccessTokenAPI(self.access_token_api_url, params)
-
-#     def get_redirect_uri(self, user_context: Dict[str, Any]) -> Union[None, str]:
-#         return None
-
-#     def get_client_id(self, user_context: Dict[str, Any]) -> str:
-#         return self.client_id
+def auth0_provider_override(provider: Provider) -> Provider:
+    # TODO: Finish when Node SDK is ready
+    return provider
 
 
 def custom_init(
@@ -348,12 +305,19 @@ def custom_init(
                 ],
             )
         ),
-        # FIXME: Migrate this:
-        # CustomAuth0Provider(
-        #     client_id=os.environ.get("AUTH0_CLIENT_ID"),  # type: ignore
-        #     domain=os.environ.get("AUTH0_DOMAIN"),  # type: ignore
-        #     client_secret=os.environ.get("AUTH0_CLIENT_SECRET"),  # type: ignore
-        # ),
+        thirdparty.ProviderInput(
+            config=thirdparty.ProviderConfig(
+                third_party_id="auth0",
+                clients=[
+                    thirdparty.ProviderClientConfig(
+                        client_id=os.environ["AUTH0_CLIENT_ID"],
+                        client_secret=os.environ["AUTH0_CLIENT_SECRET"],
+                        additional_config={"domain": os.environ["AUTH0_DOMAIN"]},
+                    )
+                ],
+            ),
+            override=auth0_provider_override,
+        ),
     ]
 
     def override_email_verification_apis(

tests/auth-react/flask-server/app.py

@@ -229,52 +229,9 @@ async def check_for_general_error(
     return is_general_error
 
 
-# FIXME: Migrate CustomAuth0Provider
-# class CustomAuth0Provider(Provider):
-#     def __init__(self, client_id: str, client_secret: str, domain: str):
-#         super().__init__("auth0")
-#         self.domain = domain
-#         self.client_id = client_id
-#         self.client_secret = client_secret
-#         self.authorisation_redirect_url = "https://" + self.domain + "/authorize"
-#         self.access_token_api_url = "https://" + self.domain + "/oauth/token"
-
-#     async def get_profile_info(
-#         self, auth_code_response: Dict[str, Any], user_context: Dict[str, Any]
-#     ) -> UserInfo:
-#         # we do not query auth0 here cause it reaches their rate limit.
-#         return UserInfo("test-user-id-1", UserInfoEmail("[email protected]", True))
-
-#     def get_authorisation_redirect_api_info(
-#         self, user_context: Dict[str, Any]
-#     ) -> AuthorisationRedirectAPI:
-#         params: Dict[str, Any] = {
-#             "scope": "openid profile",
-#             "response_type": "code",
-#             "client_id": self.client_id,
-#         }
-#         return AuthorisationRedirectAPI(self.authorisation_redirect_url, params)
-
-#     def get_access_token_api_info(
-#         self,
-#         redirect_uri: str,
-#         auth_code_from_request: str,
-#         user_context: Dict[str, Any],
-#     ) -> AccessTokenAPI:
-#         params = {
-#             "client_id": self.client_id,
-#             "client_secret": self.client_secret,
-#             "grant_type": "authorization_code",
-#             "code": auth_code_from_request,
-#             "redirect_uri": redirect_uri,
-#         }
-#         return AccessTokenAPI(self.access_token_api_url, params)
-
-#     def get_redirect_uri(self, user_context: Dict[str, Any]) -> Union[None, str]:
-#         return None
-
-#     def get_client_id(self, user_context: Dict[str, Any]) -> str:
-#         return self.client_id
+def auth0_provider_override(provider: Provider) -> Provider:
+    # TODO: Finish when Node SDK is ready
+    return provider
 
 
 def custom_init(
@@ -854,12 +811,19 @@ async def authorisation_url_get(
                 ],
             )
         ),
-        # FIXME: Migrate this:
-        # CustomAuth0Provider(
-        #     client_id=os.environ.get("AUTH0_CLIENT_ID"),  # type: ignore
-        #     domain=os.environ.get("AUTH0_DOMAIN"),  # type: ignore
-        #     client_secret=os.environ.get("AUTH0_CLIENT_SECRET"),  # type: ignore
-        # ),
+        thirdparty.ProviderInput(
+            config=thirdparty.ProviderConfig(
+                third_party_id="auth0",
+                clients=[
+                    thirdparty.ProviderClientConfig(
+                        client_id=os.environ["AUTH0_CLIENT_ID"],
+                        client_secret=os.environ["AUTH0_CLIENT_SECRET"],
+                        additional_config={"domain": os.environ["AUTH0_DOMAIN"]},
+                    )
+                ],
+            ),
+            override=auth0_provider_override,
+        ),
     ]
 
     if contact_method is not None and flow_type is not None:

tests/thirdparty/test_thirdparty.py

@@ -78,74 +78,3 @@ async def test_thirdpary_parsing_works(fastapi_client: TestClient):
         res.content
         == b'<html><head><script>window.location.replace("http://supertokens.io/auth/callback/apple?state=afc596274293e1587315c&code=c7685e261f98e4b3b94e34b3a69ff9cf4.0.rvxt.eE8rO__6hGoqaX1B7ODPmA");</script></head></html>'
     )
-
-
-async def test_apple_provider_can_fetch_keys():
-    from supertokens_python.recipe.thirdparty.providers.apple import Apple
-    from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicKey
-
-    def api_side_effect(_: httpx.Request):
-        return httpx.Response(
-            200,
-            json={
-                "keys": [
-                    {
-                        "kty": "RSA",
-                        "kid": "W6WcOKB",
-                        "use": "sig",
-                        "alg": "RS256",
-                        "n": "2Zc5d0-zkZ5AKmtYTvxHc3vRc41YfbklflxG9SWsg5qXUxvfgpktGAcxXLFAd9Uglzow9ezvmTGce5d3DhAYKwHAEPT9hbaMDj7DfmEwuNO8UahfnBkBXsCoUaL3QITF5_DAPsZroTqs7tkQQZ7qPkQXCSu2aosgOJmaoKQgwcOdjD0D49ne2B_dkxBcNCcJT9pTSWJ8NfGycjWAQsvC8CGstH8oKwhC5raDcc2IGXMOQC7Qr75d6J5Q24CePHj_JD7zjbwYy9KNH8wyr829eO_G4OEUW50FAN6HKtvjhJIguMl_1BLZ93z2KJyxExiNTZBUBQbbgCNBfzTv7JrxMw",
-                        "e": "AQAB",
-                    },
-                    {
-                        "kty": "RSA",
-                        "kid": "fh6Bs8C",
-                        "use": "sig",
-                        "alg": "RS256",
-                        "n": "u704gotMSZc6CSSVNCZ1d0S9dZKwO2BVzfdTKYz8wSNm7R_KIufOQf3ru7Pph1FjW6gQ8zgvhnv4IebkGWsZJlodduTC7c0sRb5PZpEyM6PtO8FPHowaracJJsK1f6_rSLstLdWbSDXeSq7vBvDu3Q31RaoV_0YlEzQwPsbCvD45oVy5Vo5oBePUm4cqi6T3cZ-10gr9QJCVwvx7KiQsttp0kUkHM94PlxbG_HAWlEZjvAlxfEDc-_xZQwC6fVjfazs3j1b2DZWsGmBRdx1snO75nM7hpyRRQB4jVejW9TuZDtPtsNadXTr9I5NjxPdIYMORj9XKEh44Z73yfv0gtw",
-                        "e": "AQAB",
-                    },
-                    {
-                        "kty": "RSA",
-                        "kid": "YuyXoY",
-                        "use": "sig",
-                        "alg": "RS256",
-                        "n": "1JiU4l3YCeT4o0gVmxGTEK1IXR-Ghdg5Bzka12tzmtdCxU00ChH66aV-4HRBjF1t95IsaeHeDFRgmF0lJbTDTqa6_VZo2hc0zTiUAsGLacN6slePvDcR1IMucQGtPP5tGhIbU-HKabsKOFdD4VQ5PCXifjpN9R-1qOR571BxCAl4u1kUUIePAAJcBcqGRFSI_I1j_jbN3gflK_8ZNmgnPrXA0kZXzj1I7ZHgekGbZoxmDrzYm2zmja1MsE5A_JX7itBYnlR41LOtvLRCNtw7K3EFlbfB6hkPL-Swk5XNGbWZdTROmaTNzJhV-lWT0gGm6V1qWAK2qOZoIDa_3Ud0Gw",
-                        "e": "AQAB",
-                    },
-                ]
-            },
-        )
-
-    with respx_mock(assert_all_mocked=False) as mocker:
-        mocked_route = mocker.get("https://appleid.apple.com/auth/keys").mock(
-            side_effect=api_side_effect
-        )
-
-        # apple = Apple(
-        #     "client-id", "client-key-id", "client-private-key", "client-team-id"
-        # )
-        # FIXME: Migrate this test properly
-        apple = Apple(
-            thirdparty.ProviderInput(
-                config=thirdparty.ProviderConfig(
-                    third_party_id="apple",
-                    clients=[
-                        thirdparty.ProviderClientConfig(
-                            client_id="client-id",
-                            additional_config={
-                                "keyId": "client-key-id",
-                                "privateKey": "client-private-key",
-                                "teamId": "client-team-id",
-                            },
-                        )
-                    ],
-                )
-            )
-        )
-        # pylint: disable=protected-access
-        keys = await apple._fetch_apple_public_keys()  # type: ignore
-
-        assert mocked_route.call_count == 1
-        assert len(keys) == 3
-        assert isinstance(keys[0], RSAPublicKey)